Phishing attacks and email hacks to get to your data have grown exponentially over the last decade, and you can expect to see these eight security hacks in 2023.
Today, phishing schemes are becoming harder to identify. This two-part blog identifies eight clever phishing schemes to avoid over the next year.
Email Hacks to Avoid – The List
1. Simple use of malicious URLs or executable code in the body of the email.
In the early 2000s, it became obvious that email scammers existed. The progression has included automated campaigns, new engaging subject lines, and simple sender impersonation. Every time users caught on, a new phishing strategy entered the scene. Seeing fewer malicious URLs and less executable code in the body of emails – as we have this year – has been a clear warning that email is a top target for hackers.
2. Sharp rise in the use of HTML and PDF attachments that SEGs do not block.
Why this works:
3. Cybercriminals use indirect and multi-step methods to lure in the end user, making the experience more authentic.
People differ in how readily they recognize a potential phishing email. For most, that awareness is based on the tell-tale signs of phishing they were trained to look for, such as suspicious links, unknown senders, or an unfamiliar greeting. In this case, everything looks legit… but it’s not!
4. Expect more “personalized” phishing attempts.
In short, a fake sender lifts someone’s title from social media (usually LinkedIn) and creates a personalized site with the end user’s domain.
The attacker has a generic template and customizes it for each recipient site and company identity. Via Google search, the site automatically retrieves the favicon image of the recipient’s domain to create a personalized phishing site in real time. It’s essentially a magic impersonation redirect hosted by Google and is always available to the attacker at no cost.
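One way a mail filter could flag the personalization described above, shown as an added example that is not part of the original post: it scans the HTML body and HTML attachments of a message for URLs on outside hosts that carry the recipient's domain (as a favicon or branding lookup would) or full address as a parameter. The function name, the sample hosts and the sample message are constructed for illustration, and checking for the full address goes slightly beyond the domain-only case in the text.

```python
import html
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import unquote, urlsplit

URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)

def personalization_signals(raw_message: bytes, recipient: str):
    """Return (part name, url, reason) for each external URL in an HTML part
    whose query or fragment embeds the recipient's address or domain."""
    rcpt = recipient.lower()
    rcpt_domain = rcpt.rsplit("@", 1)[1]
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue  # only HTML bodies and HTML attachments are inspected
        name = part.get_filename() or "(body)"
        markup = part.get_content()  # transfer encoding is decoded for us
        for url in URL_RE.findall(markup):
            pieces = urlsplit(html.unescape(url))
            host = (pieces.hostname or "").lower()
            if host == rcpt_domain or host.endswith("." + rcpt_domain):
                continue  # the recipient's own site is not a signal
            tail = unquote(pieces.query + "#" + pieces.fragment).lower()
            if rcpt in tail:
                findings.append((name, url, "recipient address in URL"))
            elif rcpt_domain in tail:
                findings.append((name, url, "recipient domain passed to external host"))
    return findings

def build_sample() -> bytes:
    """Constructed sample: a short note with a personalized HTML attachment."""
    m = EmailMessage()
    m["From"] = "hr@sender.example"
    m["To"] = "pat@victim.example"
    m["Subject"] = "Updated benefits"
    m.set_content("See attached.")
    page = ('<html><body>'
            '<img src="https://icons.example.net/favicon?domain=victim.example">'
            '<a href="https://login.example.org/portal#pat@victim.example">Open</a>'
            '<a href="https://www.victim.example/about">About</a></body></html>')
    m.add_attachment(page, subtype="html", filename="benefits.html")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in personalization_signals(build_sample(), "pat@victim.example"):
        print(finding)
```

Legitimate newsletters also embed recipient identifiers in tracking links, so hits are best treated as one scoring signal alongside sender reputation rather than as a verdict.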
Want to secure and protect your email from hackers?
Blue Fox Group can help. In addition to advanced email security monitoring and protection, we provide the following services:
- Review of your security posture and gaps
- Review any regulatory compliance activity and requirements
- Determine how to store and safeguard large amounts of sensitive data through Detection & Response and Encrypted backup services.
- Build a Remote Employee Security Checklist
- Implement Multi-factor Authentication & Phishing Security 3.0